Faking out hackers
Roughly 15 years ago I suggested to friends in the IT department that the best way to defeat hackers is to decieve them. My suggestion to my boss at the time was to setup a fake network filled with bogus information. The company I worked for was a credit card company and we had constant issues with security being tested by outside attacks and were always looking for new ways to defend.
My boss, being the typical book learned, college grad, thinking inside the box idiot, told me no. It was a stupid idea.
I knew better.
I used to run a BBS during the 80's and 90's. I was a member of several different pirate groups and I was always afraid I'd get caught like so many others Sysops.
I tried many different BBS programs for security purposes but the best idea I ever came up with was not what I used, but how I presented it.
I had setup a fake login when you first connected to my BBS. You'd get a DOS prompt from a very unfriendly system. Type DIR and find a slew of .EXE's to run. As you sat there trying the .EXE's the system was keeping count of your trial and error. Unfortunately for the trouble maker, the .EXE never was there and the only way you knew about it was from "word of mouth".
If you did know the .EXE then a question would pop up. Not a login. It would ask you a series of random questions. Such as, "Applecore?" Where you would need to know the next line in the dialog between Donald Duck and Dale the chimpmunk. If you got it wrong you were given a false question and a delay of 5 seconds. Each wrong question, 5 more seconds added to the delay and another wrong question.
I had about 500 false questions by the time I took the BBS down, containing movies, famous speeches, random sports trivia, etc.
Deception. That is the key.
In today's society every thing has become "inside the box". Corporations think too much inside the box. They have brilliant people working for them but the real geniuses are those trying to hack them. It's the hackers who think outside the box, with out restrictions.
Time for a change corporate world. Time to think outside the box.